FreeBSD Man Pages

PORTAUDIT(1) 1 (freebsd ports collection) PORTAUDIT(1)
NAMEportaudit - system to check installed packages for known vulnerabilities
SYNOPSISportaudit [-aCdFqvV] [-Xdays] [-ffile] [-reregex] [pkg-name...]
DESCRIPTIONportaudit checks installed packages for known vulnerabilities and
generates reports including references to security advisories. Its
intended audience is system administrators and individual users.
portaudit uses a database maintained by port committers and the FreeBSD
security team to check if security advisories for any installed packages
exist. Note that a current ports tree (or any local copy of the ports
tree) is not required for operation.
This package also installs a script into /usr/local/etc/periodic/security
that regularly updates this database and includes a report of vulnerable
packages in the daily security report.
If you have a vulnerable package installed, you are advised to update or
deinstall it immediately.
OPTIONS
The following options are supported:
-a Print a vulnerability report for all installed packages.
-C Print a vulnerability report for the port in the current working
directory. Mostly useful for port developers.
-d Print the creation date of the database.
-F Fetch the current database from the FreeBSD servers.
-q Quiet mode.
-V Show portaudit version number.
-v Verbose mode.
-Xdays
Download a fresh database when the local is at least days old.
-ffile
Check the packages listed in file for known vulnerabilities.
-reregex
Restrict listed vulnerabilities to those where a reference matches
egrep(1) pattern eregex. Useful to test new entries.
pkg-name...
Test whether pkg-name is listed in the audit database.
If no options are given, portaudit prints a vulnerability report for all
installed packages.
EXAMPLES
Fetch the current database and print its creation date:
portaudit -Fd
Print a vulnerability report for all installed packages:
portaudit -a
Print a vulnerability report for a remote machine:
ssh remote.example pkg_info | awk '{ print $1 }' | xargs portaudit
Print a vulnerability report for the local INDEX:
portaudit -f /usr/ports/INDEX-8
Print a vulnerability report for the current set of prebuild packages:
curl -l
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/All/
| sed -n -e 's/.t[bg]z[[:cntrl:]]*$//p' | portaudit -f -
FILES/usr/local/etc/portaudit.conf, /var/db/portaudit/auditfile.tbzSEE ALSOports(7), periodic.conf(5), http://portaudit.FreeBSD.org/,
http://www.FreeBSD.org/security/#adv, http://VuXML.FreeBSD.org/.
BUGS
Sure to be some.
AUTHOR
Oliver Eikemeier <eik@FreeBSD.org>
HISTORY
Package auditing first appeared in NetBSD 1.4.3.
FreeBSD 11.0-PRERELEASE June 21, 2009 FreeBSD 11.0-PRERELEASE